The primary difference here is in what we set in the Redis cache. We prepend
the string 'portier:nonce:' to the nonce value used for the key, and we set
the value to the next URL query parameter. With this, if the user visits a
page that requires authentication, the application can redirect them directly
to that page after they have logged in.

The verify endpoint

Assuming that

You have a template for an error page named 'error.html'

fromasyncio_portierimportget_verified_emailimporttornado.webclassVerifyHandler(tornado.web.RequestHandler):asyncdefpost(self):error=self.get_argument('error',None)iferrorisnotNone:description=self.get_argument('error_description',None)msg='Broker Error ({})'.format(error)ifdescriptionisnotNone:msg+=': {}'.format(description)self.set_status(400)self.render('error.html',error=msg)returntoken=self.get_argument('id_token')try:email,next_page=awaitget_verified_email(broker_url,token,self.audience,broker_url,cache)exceptValueErrorasexc:self.set_status(400)self.render('error.html',error=exc)returnself.set_secure_cookie('user_email',email,httponly=True,# We're not using HTTPS on localhost, but we would otherwisesecure=False,)self.redirect(next_page)

The get_verified_email function now takes a number of explicit parameters
instead of reading from a global SETTINGS object. It can raise ValueError
instead of RuntimeError. It also now returns a next_page in addition to an
email which, as mentioned before, allows the application to redirect the user
directly to the requested page.

Wrapping up

This library should make things a little bit easier for anyone using Portier
and asyncio. Please let me know if you run into any issues!